[SRU][J][PATCH 0/1] change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl
Jeff Lane
jeffrey.lane at canonical.com
Wed Oct 5 19:34:19 UTC 2022
BugLink: http://bugs.launchpad.net/bug/1980160
[IMPACT]
A cloud workload team is reporting a performance hit with non-privileged
containers.
This happens because default containers run with seccomp, and that turns on
spec_store_bypass (tested on Ice Lake and Sapphire Rapids server).
Switch the kernel default of SSBD and STIBP to the ones with CONFIG_SECCOMP=n
(i.e. spec_store_bypass_disable=prctl spectre_v2_user=prctl) even if
CONFIG_SECCOMP=y.
There is a much longer explanation in the patch commit message.
Picks cleanly to 5.15
Requested by Intel
[HW/SW Information]
Target Kernel: 5.16
Target Release: 22.04
Ice Lake and Sapphire Rapids server platform
[Business Justification]
Upstream performance fix
[FIX]
2f46993d83ff4abb310ef7b4beced56ba96f0d9d
Andrea Arcangeli (1):
x86: change default to spec_store_bypass_disable=prctl
spectre_v2_user=prctl
Documentation/admin-guide/hw-vuln/spectre.rst | 10 ++++------
Documentation/admin-guide/kernel-parameters.txt | 5 ++---
arch/x86/kernel/cpu/bugs.c | 4 ++--
3 files changed, 8 insertions(+), 11 deletions(-)
--
2.34.1
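A task-level view of what the prctl default means, as an added example that is not part of the original message or of the patch: it reads the calling task's SSBD and indirect-branch (spectre_v2_user) state with prctl(PR_GET_SPECULATION_CTRL) and then opts the task in, which a task has to request itself once seccomp no longer turns the mitigations on. The helper names (spec_decode, spec_get, spec_opt_in) are this example's own; the PR_SPEC_* constants are the kernel's, from linux/prctl.h.

```c
#include <stdio.h>
#include <sys/prctl.h>   /* PR_GET/SET_SPECULATION_CTRL and the PR_SPEC_* constants */
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)   /* userspace headers older than Linux 5.1 */
#endif

enum spec_state { SPEC_UNSUPPORTED, SPEC_NOT_AFFECTED, SPEC_FORCED, SPEC_MITIGATED,
                  SPEC_OPT_IN, SPEC_FIXED_OFF, SPEC_UNKNOWN };
static const char *const spec_name[] = {
    "unsupported", "not affected", "mitigated (forced, cannot be undone)",
    "mitigated", "not mitigated (task can opt in via prctl)",
    "not mitigated (boot policy, no per-task control)", "unknown" };

/* Decode a PR_GET_SPECULATION_CTRL return value (negative means prctl failed). */
enum spec_state spec_decode(long v)
{
    if (v < 0)                     return SPEC_UNSUPPORTED;
    if (v == PR_SPEC_NOT_AFFECTED) return SPEC_NOT_AFFECTED;
    if (v & PR_SPEC_FORCE_DISABLE) return SPEC_FORCED;
    if (v & (PR_SPEC_DISABLE | PR_SPEC_DISABLE_NOEXEC)) return SPEC_MITIGATED;
    if (v & PR_SPEC_ENABLE)        return (v & PR_SPEC_PRCTL) ? SPEC_OPT_IN : SPEC_FIXED_OFF;
    return SPEC_UNKNOWN;
}

/* Query the calling task; which is PR_SPEC_STORE_BYPASS or PR_SPEC_INDIRECT_BRANCH. */
long spec_get(unsigned long which)
{
    return prctl(PR_GET_SPECULATION_CTRL, which, 0UL, 0UL, 0UL);
}

/* Ask the kernel to turn the mitigation on for this task; returns 0 on success. */
int spec_opt_in(unsigned long which)
{
    return prctl(PR_SET_SPECULATION_CTRL, which, (unsigned long)PR_SPEC_DISABLE, 0UL, 0UL);
}

int main(void)
{
    unsigned long which[] = { PR_SPEC_STORE_BYPASS, PR_SPEC_INDIRECT_BRANCH };
    const char *label[] = { "store bypass (SSBD)", "indirect branch (spectre_v2_user)" };
    for (int i = 0; i < 2; i++) {
        printf("%s before: %s\n", label[i], spec_name[spec_decode(spec_get(which[i]))]);
        if (spec_opt_in(which[i]) != 0)
            perror("PR_SET_SPECULATION_CTRL");   /* e.g. boot policy forbids per-task control */
        printf("%s after:  %s\n", label[i], spec_name[spec_decode(spec_get(which[i]))]);
    }
    return 0;
}
```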